Introduction
Cybersecurity is the protection of computer networks and computer systems from the theft or destruction of their software, electronic data, and hardware by malicious hackers. To address the challenges of global cybercrime in the supply chain, a coordinated, comprehensive approach is required (Boyson 2014). Cooperation among countries is necessary to curtail cybercrime because the negative economic effects of cybercrime in the supply chain affect all nations of the world in equal measure (Kshetri 2018). Several actions can be taken on the international scale in the effort to stop cybercrime in the supply chain. The first is the creation of a global cyber court or a similar body where cybercriminals would be judged and face the consequences of their actions. The second, which countries need to take in unison, is the codification of cyber-attack legislation into international law.
There are several sources of cybercrime risk in companies' supply chains of goods and services. The risks include the purchase of compromised computer networks that come with preinstalled malware (Faisal et al. 2006). Malware is software that destroys and compromises a company's data. When companies purchase supply chain computer networks or hardware corrupted with preinstalled malware, they lose data to hackers, or sometimes their data is reconfigured and destroyed by the installed malware.
Further cybersecurity risks in the organization come from vulnerabilities in the software used in supply chain management, which falls victim to malicious computer hackers. Computer hackers take advantage of loopholes in the computer systems and gain unauthorized access to a company's supply chain data. Once the hackers gain access to a company's supply chain data, they can take away all the data and resell it to the public, or they can keep the data and ask the company to pay a ransom to get its data back.
Also, a company can fall victim to cybercrime attacks because of the risks brought about by the third parties involved in the supply chain process; these third parties could include customers or a company's suppliers. Some third parties in the company's supply chain process could breach the company's data privacy by storing its data in places that are accessible to hackers or by reselling the data to hackers. Such an act by third parties can destroy a company's reputation and thus cause the company to lose customers to competitors.
Further, a company risks being hacked because of outdated firmware in the supply chain networks and hardware equipment. Sometimes supply chain management may not know that the network and hardware equipment has embedded firmware that needs to be updated often. Failure to update the supply chain equipment and network on time could cause the system to be infected with malware. Also, hackers can leverage the loopholes that result from the delayed update and cause damage inside the network.
Also, a breach of cybersecurity in supply chain management can come about as a result of former employees. A company may not have control over the actions of former employees, especially if it has not ended their access to supply chain information on its information technology platforms. Ultimately, former employees who know the weaknesses of a company's network, for example in the authentication process, may take advantage and share the information with the wrong people, or they may even reconfigure and maliciously destroy the company's supply chain information.
To prevent an organization from experiencing cybersecurity risks from breaches of privacy policies by suppliers, companies need to take all suppliers through a due diligence process to qualify them as potential risks or not (Hofmann et al. 2018). The due diligence process should include the following steps, in this order:
Understanding of the Compliance Concerns
A company needs to ensure that all potential suppliers understand every aspect of the compliance concerns the company may have.
Definition of Corporate Goals for the Due Diligence Process
An organization needs to clearly state the goals of the due diligence process laid down for the suppliers to follow. The goals should be in line with the company's overall goal.
Gather Important Information
The company needs to gather critical information regarding the suppliers; the critical information could be in areas such as incorporation documents, offices, and details on shareholders.
Screening the Supplier on the PEPs and the Watch Lists
The third party should be screened against watch lists and checked for whether they are politically exposed. The screening would help determine whether they are under any global sanctions and whether they have ever been involved in any criminal activity.
Risk Determination Assessment
In risk determination, the factors considered include financial risks, corruption risk, and country-of-origin risks.
Validation of the Information Collected
In this step, the organization should validate the authenticity of the information collected regarding suppliers.
Auditing of the Due Diligence Process
Here the organization reanalyzes the due diligence procedure to ensure that the decisions to work with the suppliers were made for the good of the organization and in good faith.
Establishment of a Continuous Monitoring Plan
The objective of the ongoing monitoring process is to ensure the discovery of potential new problems before they put the organization at risk.
Regular Review of the Supplier Due Diligence Process
The due diligence process is reviewed periodically to ensure that it is aligned with the organization's goals at all times.
Further, to ensure that an organization gathers the right answers in the supplier due diligence process, a list of customized questions can be used. A sample of questions to put to suppliers can include:
- Are you going to sell direct or through intermediaries?
- Do you have a dedicated cybersecurity resource?
- Which cybersecurity tests are you undertaking, and how often?
- Will anybody else have access to my product data?
- How often do you encrypt and back up your data?
- What happens to my data if our business relationship ends?
Moreover, supply chain management is influenced by risks brought about by social, political, and economic factors. Social factors relate to dynamics in the demographic environment of a business, political factors are brought about by political activities in a country or the world, and economic factors concern the distribution of wealth. The political, social, and economic factors of a nation can affect supply chain management either positively or negatively.
There are five best practices an organization can implement in its supply chain management for greater effectiveness of supply chain activities (Collier et al. 2014). They are: assessment of the organization's readiness against cybercrime, the ability to evaluate risk before employing mitigation measures, complete alignment of supply chain operations with cybersecurity policies, extension of security measures to vendors, and, finally, continuous testing of cybersecurity measures.
Conclusion
In conclusion, to protect supply chain activities from the destruction brought about by cybercrime, organizations need to adopt best practices such as continuous vetting of suppliers, timely updates of the organization's firmware, and continuous data encryption and backup.
References
Boyson, S. (2014). Cyber supply chain risk management: Revolutionizing the strategic control of critical IT systems. Technovation, 34(7), 342-353.
Collier, Z. A., DiMase, D., Walters, S., Tehranipoor, M. M., Lambert, J. H., & Linkov, I. (2014). Cybersecurity standards: Managing risk and creating resilience. Computer, 47(9), 70-76.
Faisal, M. N., Banwet, D. K., & Shankar, R. (2006). Supply chain risk mitigation: modeling the enablers. Business Process Management Journal.
Hofmann, H., Schleper, M. C., & Blome, C. (2018). Conflict minerals and supply chain due diligence: an exploratory study of multi-tier supply chains. Journal of Business Ethics, 147(1), 115-141.
Kshetri, N. (2018). 1 Blockchain's roles in meeting key supply chain management objectives. International Journal of Information Management, 39, 80-89.
Cite this page
Essay Sample on Coordinated Global Approach Needed to Curtail Cybercrimes in Supply Chain. (2023, Apr 08). Retrieved from https://proessays.net/essays/essay-sample-on-coordinated-global-approach-needed-to-curtail-cybercrimes-in-supply-chain